Other than the technology itself of an IoT device and the service it provides, the single most important characteristic that will define either success or failure, no matter what the size of the business, will be the security of that device.
The IoT is only in its infancy and yet there have already been an alarming diversity of exploits that have rocked our consciousness including hacking into personal medical devices, automobiles, home security devices or highly publicized access to industrial systems controlling basic infrastructure like power.
A concern for the future of IoT is that manufacturers are being pushed to release products as soon as they can so they don’t fall behind competitors. Historically, that means that important security issues haven’t been properly planned for or tested, which means they can be ripe for a whole new wave of viruses and other malware, denial of service attempts and most critically, an attacker taking unauthorized control of the devices. One of the obvious worries that many security experts have is that many of the manufactures that are now working to develop IoT devices haven’t had to think about network security for previous versions of their products (e.g., automobiles, home appliances, personal medical devices, cameras).
To try and stay ahead of the potential exploits and inappropriate access to sensitive data, the manufacturers are going to have to deal with the same tried and true security areas that other network devices like firewalls, routers, handhelds, tablets, laptops and other network based systems have had to deal with. This list includes:
- Encryption of sensitive data at rest and in transit
- Maintaining updates
- Monitoring the physical security of IoT devices
- Privacy and confidentiality with regards to security standards
- Secure administration
In short, the security implications of the IoT devices are the same as virtually every other type of connected device you have come to rely on. The more secure an IoT device is with respect to the above security areas, the more likely it is to be adopted and to stand the test of exploits and hacking.
Brad Johnson is Vice President of SystemExperts Corporation and has been a leader of the company since 1995. He has participated in seminal industry initiatives including the Open Software Foundation (OSF), X/Open, the IETF, and has published many articles on open systems, Internet security, security architecture, ethical hacking and web application security.